Activities-Based Regulation and Systemic Risk

Past financial crises have shown that systemic risk can emanate from financial firms or activities. It can be caused by the failure of a large firm (hence, the moniker "too big to fail") or it can be caused by correlated losses among many small market participants. Although historical financial crises have centered on banks, nonbank financial firms were also a source of instability in the 2007-2009 crisis.

The 2010 Dodd-Frank Act (P.L. 111-203) enhanced the regulation of certain financial firms and activities to reduce systemic risk, particularly prudential regulation administered by the Federal Reserve (Fed) of banks and nonbanks. All large banks were automatically subject to more stringent standards, as were nonbanks designated by the Financial Stability Oversight Council (FSOC), popularly known as systemically important financial institutions (SIFIs). This can be classified as an institution-based approach to addressing risks to financial stability at the firm level.

As discussed in this Insight, all four of the nonbanks that were designated by FSOC have since been de-designated, and the size threshold for enhanced regulation of banks was increased. In December 2019, FSOC finalized guidance to give precedence to an activities-based approach over an institution-based approach for nonbanks—regulating particular financial activities or practices to prevent them from causing financial instability. FSOC made future designations less likely by adding the following steps to the process:

  • pursue a SIFI designation "only if a potential risk or threat cannot be addressed through an activities-based approach";
  • conduct a cost-benefit analysis of the designation, making a designation "only if the expected benefits justify the expected costs that the [designation] would impose";
  • assess the likelihood that a firm would become distressed; and
  • create "off-ramps" before and after designation where SIFIs can address risks identified by FSOC to end designation.

International insurance regulation has also moved away from a focus on institution-based regulation and toward activities-based regulation. The two approaches, however, need not be mutually exclusive.

Regulating Firms Versus Activities for Systemic Risk

An institution-based approach addresses financial instability that stems primarily from the failure of large, interconnected firms. It particularly could address the experience during the 2007-2009 crisis, when large, complex firms, such as AIG, failed due to unanticipated correlated losses in different activities within a firm (credit default swaps and securities lending, in the case of AIG). An institution-based approach could also address the possibility of a firm failing due to more company-specific issues, such as inadequate internal controls, for example.

Institution-based regulation allows for overall monitoring of firms' risk-taking that activities-based regulation does not. (Dodd-Frank gave the Fed the authority to actively supervise SIFIs; all banks are subject to similar supervision, but some other types of financial firms are not.) For example, stress tests and living wills allow regulators to prepare for, respectively, how SIFIs would fare under stress and their orderly failure. Systemic risk might be more likely to build up undetected if regulators do not regularly examine large nonbanks because they are not subject to enhanced regulation.

Institution-based regulation, however, has drawbacks. It could create regulatory "cliffs" where two fairly similar firms do not compete on a "level playing field" because one is designated for enhanced regulation and the other is not. Such regulation could even backfire by pushing more "risky" activities into institutions that are not regulated for safety and soundness or systemic risk. Institution-based regulation, under Dodd-Frank, was also particularly criticized for the possibility of the Fed, a bank regulator, inappropriately applying bank-centric regulation to nonbanks. (Since the pertinent regulations were never finalized, the merits of this argument remain unknown.)

An activities-based approach may be more effective at mitigating systemic risk unrelated to distress at large firms. In particular, systemic risk sometimes results from correlated activities among smaller firms, such as the U.S. savings and loan crisis in the 1980s, in which more than 1,000 smaller financial institutions failed. Some have argued that an activities-based approach is more appropriate in securities markets. For example, asset management firms, primarily managing customers' assets, may be less likely to fail in a financial panic, but could serve as conduits for instability.

One concern some have with activities-based regulation under the current structure is that regulators may not have the authority or capacity to identify and address systemic risk in all cases. In contrast to the Fed's institution-based authority, FSOC itself does not have authority to promulgate new activities-based regulations as systemic threats emerge. Instead, Dodd-Frank relied on FSOC members' existing authorities. In some cases, that authority is broad and discretionary; in others, it is not. Where individual agencies lack authority to address systemic risk posed by activities engaged in by the institutions they regulate, Congress would need to provide these agencies with the necessary authority to act. FSOC may make nonbinding recommendations to—but cannot require—its member agencies to implement reforms. FSOC has recommended activities-based systemic risk regulations only once—in 2012, recommending that the Securities and Exchange Commission (SEC) implement money market reforms, which were ultimately adopted in 2014.

Activities-Based Regulation and Insurers

Because three out of four of the de-designated SIFIs are insurers, insurance regulation is potentially the most significantly affected by the shift from institution-based to activities-based regulation. Although insurers, particularly AIG, were instrumental in the recent crisis, traditional insurance (e.g., life, property, and casualty insurance), as an activity, is typically not seen as posing systemic risk. Insurance liabilities are often contingent and based on the occurrence of events uncorrelated with financial markets, such as extreme weather events. For these forms of insurance, "runs," such as those that occur on banks during a financial panic, are essentially impossible. Some insurance policies, however, allow for loans against policy values or forms of withdrawals that could partially mimic bank runs. Some insurers also offer forms of financial guaranty insurance, the payouts of which could be highly correlated with the financial markets. Beyond insurance policies, insurance companies may also undertake other financial market activities, such as repurchase agreements or securities lending, that could pose systemic risk.

If FSOC were to deem any insurance activities as systemically risky, arguably no federal regulator would have jurisdiction to regulate them. There is also debate about whether the state-based insurance regulatory system—with its historical focus on individual insurer solvency and consumer protection—can adequately address potential systemic risks posed by insurers' noninsurance activities.